Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2882
Views
0
Helpful
1
Replies

Cisco ASA 5505 URL Filtering/Blocking

s.nasheet
Level 1
Level 1

‎07-07-2012 01:56 PM - edited ‎03-11-2019 04:27 PM

Hi,

I have ASA 5505 running 7.2.4, I want to prevent users accessing some web sites such as facebook , youtube and hotmail etc.

Can you please advise if that is possible with ASA 5505?

Which ASA 5505 IOS version should I use to block web access?

I don't want to isntall a dedicated filtering server ( websense etc) , I just want to block web sites statically on ASA 5505 via ASDM as I only have few sites to block.

Can you please let me know if ASA 5505 can do URL filtering, and what IOS is required ?

Many thanks

Salman.

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎07-07-2012 03:43 PM

Which ASA 5505 IOS version should I use to block web access?

not only for blocking but in general I would go for the newest 8.2 release. For everything newer you propably need a memory-upgrade.

How to block websites:

1) For HTTP you can write a L7-policy (HTTP-inspect-map) where you deny the domains or FQDNs you don't want.

2) For HTTPS it's not that easy as the ASA can't inspect that traffic. For that you could write a DNS-inspection and drop all queries for facebook etc. Of course that will not stop your users if they are smart enough ...

I would go the following way:

3) don't allow TCP/80 and TCP/443 through the ASA and send that traffic through a proxy. Then do the filtering there.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card